DDoS Protected VPS Providers for Reverse SSH Proxy

Some time ago I read a decent review about "DDoS Protected VPS Providers" on LowEndTalk. It's indeed accurate based on my experience so far. Currently I trust 3 providers for my SSH/SFTP/MySQL tunnels: LunaNode from Montreal (OVH), RamNode from Atlanta (Staminus) and QuadraNet from Miami (In-House).

A few customers complained about an SSH proxy from RamNode (via HAProxy) that I had deployed. Then I started to test it:

1. Downloaded a test file called "100mb.test" to one of my cloud servers;
2. Downloaded the same test file to my computer (BR), naming it "100mb.test.2";
3. Downloaded the test file from the cloud to my computer using the sftp command "get 100mb.test" and recorded the average speed in a spreadsheet;
4. Uploaded "100mb.test.2" from my computer to the cloud using "put 100mb.test.2" and recorded the speed again.

Later I deployed a VPS from New York and did the same test. The average speeds were (KB/s):

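|                  | Direct (no tunnel) | LunaNode | RamNode | QuadraNet |
|------------------|--------------------|----------|---------|-----------|
| Download from BR | 330                | 290      | 800*    | 950       |
| Upload from BR   | 115                | 100      | 110     | 120       |
| Download from NY | 3250               | 2230     | 2700*   | 3150      |
| Upload from NY   | 2620               | 980      | 2120    | 2450      |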

*After 19MB of download, I got exactly the same error my customers were getting. RamNode (via Staminus) stalled/blocked the connection for 30 minutes.

I did the same test the next day, and the results were almost the same. Although QuadraNet's protection (standard) is only 3Gbps vs 50Gbps from RamNode and 480Gbps from LunaNode, the proxy isn't mission critical, so I started using QuadraNet.
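The transfer test above can be scripted so that a stall like the one marked * is recorded with its byte offset instead of being noticed by hand. This is an added example, not code from the original post: it reads a plain TCP stream over loopback rather than running sftp, and `serve_then_stall`, `measure` and the byte counts are constructed for illustration.

```python
import socket, threading, time

def serve_then_stall(total, stall_after=None, hold=3.0):
    """Constructed loopback sender standing in for the proxied path: sends
    `total` bytes, or goes silent (connection left open) after `stall_after`."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    limit = total if stall_after is None else min(total, stall_after)

    def run():
        conn, _ = srv.accept()
        sent = 0
        while sent < limit:
            n = min(4096, limit - sent)
            conn.sendall(bytes(n))
            sent += n
        if limit < total:
            time.sleep(hold)          # stalled: no more data, no FIN
        conn.close()
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return port

def measure(host, port, expected, stall_timeout=1.0):
    """Read `expected` bytes; report average KB/s and whether the stream
    completed, stalled (silent for stall_timeout s) or was closed early."""
    got, status = 0, "complete"
    start = last_rx = time.monotonic()
    with socket.create_connection((host, port), timeout=stall_timeout) as s:
        while got < expected:
            try:
                data = s.recv(65536)
            except socket.timeout:
                status = "stalled"
                break
            if not data:
                status = "closed-early"
                break
            got += len(data)
            last_rx = time.monotonic()
    secs = max(last_rx - start, 1e-6)  # leave the silent wait out of the average
    return {"status": status, "bytes": got, "kb_per_s": got / 1024 / secs}

if __name__ == "__main__":
    for stall_at in (None, 80_000):    # healthy path, then a stalling path
        port = serve_then_stall(200_000, stall_at)
        print(stall_at, measure("127.0.0.1", port, 200_000, stall_timeout=0.5))
```

Logging the `bytes` value at which `status` becomes `stalled` across repeated runs shows whether the cut-off is tied to a consistent volume, as with the 19MB mark in the test above.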

If you need a reverse proxy for game servers or web servers, I'd recommend another way. For HTTP/HTTPS, for example, I have had very good experiences with TotalUptime and Sucuri.net, but you can also use LunaNode with NGINX as a reverse proxy, or a GRE tunnel.

For game servers or other non-web applications, you'll probably be better served using Geo-Routing DNS to distribute the connections through different proxies around the world. Amazon Route 53 and TotalUptime DNS are your friends. Good luck.
